Archive for the ‘Packet Capture’ category

  1. System Error 58 – Wireshark to the rescue

    The other day I was called to investigate a problem where a user could no longer mount a share. The client was running Windows 7. The user got the somewhat obscure message “System error 58 occurred”.

  2. The Network Capture Playbook Part 6 – Planning Network Troubleshooting

    In the previous posts of the Capture Playbook series we discussed various approaches about how to record packets, but before going into more elaborate techniques of doing that we should talk about how a network troubleshooting project works, and especially how to plan a capture setup. In my experience this aspect of a troubleshooting is […]

  3. Sharkfest 2017 US Recap – 10 years of Sharkfest!

    Time always flies at Sharkfest, the annual Wireshark conference, and the 2017 edition – being the 10th Sharkfest in the US – has been no exception. On Friday Sake and me talked about how fast the 3 day conference had felt and we both agreed that “hm, it seems just to have started moments ago […]

  4. The Network Capture Playbook Part 5 – Network TAP Basics

    Most network captures are recorded using SPAN ports, as we’ve seen in the previous part of this series. Now that we know what SPAN is all about, it’s time to find out what TAPs are all about, and why you would want (or need) to use them in network capture. TAP is an acronym for […]

  5. The Network Capture Playbook Part 4 – SPAN Port In-Depth

    We have briefly covered SPAN ports in previous posts of this series, but there are so many things to consider that we have to look at the advantages and problems more closely. Even more so since it looks like there is a constant “battle” going on between SPAN and TAP supporters – some analysts will […]

  6. The Wireshark Q&A trace file sharing tutorial

    In many of those cases the person asking a question on the Wireshark Q&A site posts screenshots or ASCII dumps of the packet list, which is very hard to work with when you’re trying to help. It is much easier if you can get a PCAP or PCAPng file instead, but there are two major […]

  7. The Network Capture Playbook Part 3 – Network cards

    One of the most common answers that come to my mind when being asked questions during or after a talk at a conference is the famous phrase “it depends…”. This may sound unsatisfactory at first, but the problem with a lot of questions regarding network analysis (and packet capture) is that there are always so […]

  8. The Network Capture Playbook Part 2 – Speed, Duplex and Drops

    In part one of the playbook series we took a look at general Ethernet setups and capture situations, so in this post (as in all others following this one) I’ll assume you’re familiar with the topics previously discussed. This time, let’s check out how speed and duplex can become quite important, and what “drops” are […]

  9. Trace File Case Files: SMB2 Performance

    We had an interesting question regarding SMB2 performance on the Wireshark Q&A forum recently. Upon request the person asking the question was able to add a couple of trace files (=”capture” files).  The question and a link to the traces can be found here: https://ask.wireshark.org/questions/55972/slow-writes-even-slower-reads-spanning-wan-to-netapp Since the question nicely fits into the scope my talk […]

  10. Sharkfest Europe 2016 Retrospective

    Finally, the annual Wireshark developer and user conference happened in Europe for the first time in October 2016 at the Hotel Papendal in Arnhem, the Netherlands. It was something many people kept asking for, and with a lot of work and effort, Janice and her team made it happen.